• DocumentCode
    2089653
  • Title

    Introducing abuse frames for analysing security requirements

  • Author

    Lin, Luncheng ; Nuseibeh, Bashar ; Ince, Darrel ; Jackson, Michael ; Moffett, Jonathan

  • Author_Institution
    Dept. of Comput., Open Univ., Milton Keynes, UK
  • fYear
    2003
  • fDate
    8-12 Sept. 2003
  • Firstpage
    371
  • Lastpage
    372
  • Abstract
    We are developing an approach using Jackson´s Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.
  • Keywords
    computer crime; data privacy; formal specification; formal verification; security of data; systems analysis; Jackson Problem Frames; abuse frames; data privacy; malicious user; security vulnerability; system security requirement analysis; Automation; Computer science; Computer security; Design engineering; Engineering management; Information security; Internet; Mission critical systems; Protection; Systems engineering and theory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Requirements Engineering Conference, 2003. Proceedings. 11th IEEE International
  • ISSN
    1090-705X
  • Print_ISBN
    0-7695-1980-6
  • Type

    conf

  • DOI
    10.1109/ICRE.2003.1232791
  • Filename
    1232791
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2089653